General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Best or recommended way to connect PA to Windows Domain

What is the recommended way to connect a PA box to a windows domain?I see know there is a radius way of doing it, and i know this is the way other like to configure it.But there is alot more work configuring, and reconfiguring if i want to change/add any groups or access.Is there a reason we should not use Kerberos or LDAP?

Resolved! Comprehensive report

I have had my PA 3020 in line for about 4 months. Can anyone suggest a report to run that we give me a good over all idea of how well the firewall is working?

infotech by L4 Transporter
  • 4783 Views
  • 7 replies
  • 0 Likes

youtube detection failure

creating security policy to allow specif users to use applications web-browsing and SSL with destination any with using SSL decryption policy which decrypt all.after this policy there is implicit deny .the issue that palo alto cant` detect youtube application , monitoring shows that is web-browsing is permitted and falsh is denied !!!!how i can...

User-ID Agent

hello.... Can a User-ID Agent connect to more than one firewall?if so, how do you set up the other ones?

Resolved! Active/Active & IPSec Trouble

After implementing HA Active/Active, we left S2S VPN tunnels alone. Ultimately no changes to IKE Gateways. The S2S terminate to a /30 address that is statically routed from the ISP to ethernet1/12 on the active-primary. Tunnel interfaces and their routes are identical on both primary and secondary, IKE Gateways are NOT synced as this is just ...

dshue by L2 Linker
  • 8223 Views
  • 4 replies
  • 0 Likes

Resolved! Port Channel to Cisco Switch

Hi,I have Palo Alto 3020/5020 firewalls and I would like to configure a port channel (ether channel) between these devices and a Cisco switch.I have configured an aggregate link on the Palo and added the interfaces. I have created the Port Channel on my Cisco but I am not seeing the AE interface coming up.Has anyone got a guide on how this can b...

sjy2013 by L0 Member
  • 27991 Views
  • 5 replies
  • 0 Likes

enforce safe search

I created a rule for URL and tick the enforce safe search. When it enabled, if I want to do the google search, I have to log in my account and pick lock safe search. Otherwise, it will block me. I think it is hard to use in my case, which is a school and have lots of students around 5-6 years. it is too hard for them to do register a google ac...

Bin by L1 Bithead
  • 1951 Views
  • 1 replies
  • 0 Likes

enforce safe search

I created a rule for URL and tick the enforce safe search. When it enabled, if I want to do the google search, I have to log in my account and pick lock safe search. Otherwise, it will block me. I think it is hard to use in my case, which is a school and have lots of students around 5-6 years. it is too hard for them to do register a google ac...

Bin by L1 Bithead
  • 2246 Views
  • 1 replies
  • 0 Likes

Test PA-200 parrallel to current firewall

I received a PA-200 device for review and testing. I like to set it up besides my current firewall and see what it can filter.Via SPAN Monitor on a Cisco switch I copy all traffic on the UNTRUST side to the PA-200. Now I get a lot of tcp-reject-non-syn drops.What is the correct way to configure the PA-200 to listen to all traffic on the UNTRUST ...

MdeLoos by L0 Member
  • 4023 Views
  • 3 replies
  • 0 Likes

Ampersand in API request

Hi, colleagues!I have a "Custom URL Category" and I try to add new URL from API request but if URL have ampersand(&) I have a error: <response status="error" code="18"><msg><line>Malformed Request</line></msg></response>PanOS: 5.0.8Original URL: example.com/proxy/index.php?hl=1111101001&q=789My API req...

faust by L1 Bithead
  • 5989 Views
  • 6 replies
  • 0 Likes

Can I see the user-id syslog agent's log?

I am using agentless syslog integration for user ID and it's working but for every login event I am seeing twice as many log messages received as auth success log messages and I want to know why. Is there a way to look at the logs received by the PA?>show user server-monitor state exi UDP Syslog Listener Service is enabled SSL ...

djr by L4 Transporter
  • 2581 Views
  • 2 replies
  • 0 Likes

About HA1 connection down in system critical log.

Hi. allI have a question about high availability with A-P mode.We found out critical system log in active device for HA1 connection down but not occurred split-brain. (system log : type ha / severity critical / event connect-change / description HA Group 1: HA1 Connection down.)Just HA 1 link is to go down and up within a few second.Configured H...

URL Blocking

How can I add some sites to the list of blocked URLs that PA downloads into my PA-500? I know I can block them manually in my PA, but I feel that the PA tech support staff should know about these sites. I will give you and example that my students found: Shyla Stylez - Official WebSite - FREE Pictures and Trailer Videos is NOT blocked by the...

  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels